Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable Git Service, low complexity, requires a low-privileged authenticated git user (PR:L), no interaction; scope changed (S:C) since RCE and cross-tenant access affect resources beyond the vulnerable component, with full CIA impact.
Primary rating from Vendor (4760f414-e1ae-4ff1-bdad-c7a9c3538b79).
CVSS VectorVendor: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.
This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 (commercial and government cloud) at the service level.
AnalysisAI
Privilege-escalating remote code execution in the Git Service shared by Altium Enterprise Server and Altium 365 lets an authenticated user with basic git access abuse post-clone file-manipulation operations to move arbitrary files outside the repository, plant executable script content, and run code as the Git Service account. On multi-tenant Altium 365 cloud nodes this also created a cross-tenant data-exposure path. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated account with basic git access to the shared Git Service (CVSS PR:L confirms low-privileged authentication is needed - this is not anonymous). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H and subsequent-system SC:H/SI:H/SA:H) is internally consistent with the description: network-reachable, low-complexity, no user interaction, requires only a low-privileged authenticated git user, and yields full impact on both the vulnerable service and downstream systems - the subsequent-system 'high' metrics map directly to the described cross-tenant exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds or phishes a low-privileged Altium account with basic git access clones a repository, then issues crafted post-clone move operations whose target paths contain traversal sequences to relocate an attacker-supplied script into a directory the Git Service later executes. When the service runs that content, the attacker gains code execution under the Git Service account; on a shared Altium 365 node this position can be pivoted to reach other tenants' data. … |
| Remediation | For on-premises deployments, upgrade Altium Enterprise Server to version 8.1.1 (Vendor-released patch: 8.1.1), which contains the fix for the unvalidated post-clone file-move operations. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Altium Enterprise Server and Altium 365 instances; audit Git Service access logs for unauthorized activity; for multi-tenant deployments, assess cross-tenant data exposure scope. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41210
GHSA-m97g-7h77-r5pr